Kyle Cassidy and Richard Cardona give you a quick-and-dirty explanation of route tables, to help you take advantage of a free and simple way to block unwanted traffic to specific IP addresses or subnets.

Every TCP/IP client machine, regardless of operating system, needs to make
decisions about where to send a packet after it has been addressed. The route
table is the network map that tells your computer how to deliver the packet to
its network addressee. It is rarely necessary to inspect your route table
because most machines have dynamically assigned IP configurations, they're
single-homed machines (they have only one network card), and they sit on a
network with a single gateway. This is the standard network setup. The route
table is automatically generated, and the default configuration is usually the
best one to use for that standard setup.

It becomes important to understand how to read and modify your route table
only when your network configuration is not standard or if you want to deviate
from your standard route. For example, perhaps you have two NICs in your
workstation or two gateways on your network. You might want to send some packets
through one route and other packets to another route. Perhaps you use the
Windows 2000 Internet Connection Sharing tool with a DSL connection in your
small company, and you do not want your employees to use AOL Instant Messenger.
Perhaps pop-up advertisements from doubleclick.net have become too tiresome.
Simple modifications to the default route table can redirect packets intended
for those services to a null address.

There is more to know about route tables than what we describe here. This
article is intended to provide a quick-and-dirty explanation of route tables so
that you can use the information as a free and simple alternative for blocking
unwanted traffic to specific IP addresses or subnets. It's not possible to
modify the route table in such a way that your users will get disney.com if
they enter playboy.com. You'd have to use other tools to achieve that end. It
is possible, however, to make sure that they get nothing at all, just by making
a few simple changes to the route information.

How Can I Read the Route Table?

Before you can learn to modify the route table, let's take a look at a
sample default route table for a standard workstation and learn to read the
helpful information located in it. In Windows 2000 as well as other operating
systems, you can type route print from a command prompt window and
receive output that looks like Figure 1.

This is the standard route table for a single-homed Windows 2000 Professional
workstation with a standard network configuration. The route table was
dynamically generated and was not modified directly except by the operating
system itself. The IP configuration of this machine is DHCP assigned. Its
network settings are shown here:

IP address: 192.168.100.207

Network mask: 255.255.255.0

Default gateway: 192.168.100.1

This information can be obtained by typing ipconfig /all from a command
prompt in virtually all Microsoft OS environments for
networked workstations using TCP/IP. Each portion of the route table may have
useful information for the user. For our purposes, we will divide the route
table into three parts. (See the example above.)

Interface list

Active routes

Persistent routes

Interface List

The interface list displays information about each NIC in the machine and the
loopback interface (127.0.0.1), a convention used by the machine to address
itself regardless of the NIC configuration when the TCP/IP protocol is
installed. The interface list also provides MAC address information and the NIC
make and model.

Active Routes

The active routes are the default routes used by the machine to govern where
it should send packets. Active routes information falls into five columns:

Network Destination is in the first column. It lists the routes
from least specific to most specific. The 0 digit is nonspecific, in
that it can represent any number. Therefore, in the example above, the first
route listed, the default route, indicates that any packet with any IP address
can be sent to the gateway 192.168.100.1 through the interface 192.168.100.207.

Netmask information comes in the second column and provides
broadcast information. It defines how closely an address must match the network
destination, octet by octet, to use the route. Here, too, the 0 digit
is nonspecific. Conversely, 255 is most specific. Therefore, for an
address to be able to use the third route in the example above, the first three
octets of the network destination (192.168.100.0) must match exactly because the
netmask (255.255.255.0) allows no variation in the first three octets.

If the netmask were 255.255.0.0, only the first two octets would
require an exact match. The last octet can be any number, as indicated by the
0.

Gateway is listed in the third column. It indicates the network
gateway for the route. It will always be either the IP address of the NIC, the
loopback address (127.0.0.1), or the default gateway in a standard network
setup.

Interface indicates the NIC by which to reach the gateway for the
route. It will always be either the IP address of the NIC or the loopback
address (127.0.0.1).

Metric is simply the number of hops to the destination.

A standard Microsoft OS setup will usually have seven routes in its table.
The list runs from least specific (0.0.0.0) to most specific
(255.255.255.255). You will always find these network destinations in the route
table.

Occurring only once:

127.0.0.0 Software loopback

255.255.255.255 Limited broadcast address

For each NIC:

0.0.0.0 Default route

224.0.0.0 Multicast address

Three network destinations for each NIC (specific to our example above) are shown
here:

192.168.100.0 Defining the resident subnet

192.168.100.207 Defining the IP address of the NIC

192.168.100.255 Defining the broadcast address for the subnet

Although the first three octets are specific to our example, the last octet of
one of the three network destinations must be 0 and that of another must be
255. This defines the subnet of the machine and its scope for
broadcasting.

The first NIC requires five routes to work correctly, in addition to two
routes necessary by default (127.0.0.0 and 255.255.255.255). Additional NICs may
require only four routes, depending on the complexity of your network.
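
The netmask matching and least-to-most-specific ordering described above can be traced in a few lines of Python. This is an added example, not part of the original article: the table is constructed from the seven destinations listed for the example host, with netmasks, gateways and metrics assumed to be typical defaults rather than copied from Figure 1, and the extra blocking route and its unused gateway 192.168.100.254 are hypothetical.

```python
import ipaddress

# Constructed table: the seven destinations the article lists for the example
# host (192.168.100.207, gateway 192.168.100.1). Netmasks, gateways and metrics
# are assumed typical defaults, not values copied from Figure 1.
ROUTES = [  # (destination, netmask, gateway, interface, metric)
    ("0.0.0.0",         "0.0.0.0",         "192.168.100.1",   "192.168.100.207", 1),
    ("127.0.0.0",       "255.0.0.0",       "127.0.0.1",       "127.0.0.1",       1),
    ("192.168.100.0",   "255.255.255.0",   "192.168.100.207", "192.168.100.207", 1),
    ("192.168.100.207", "255.255.255.255", "127.0.0.1",       "127.0.0.1",       1),
    ("192.168.100.255", "255.255.255.255", "192.168.100.207", "192.168.100.207", 1),
    ("224.0.0.0",       "224.0.0.0",       "192.168.100.207", "192.168.100.207", 1),
    ("255.255.255.255", "255.255.255.255", "192.168.100.207", "192.168.100.207", 1),
]

# Constructed extra route (assumption): a more specific entry for a
# documentation subnet, pointed at an address assumed to be unused.
EXTRA = ("203.0.113.0", "255.255.255.0", "192.168.100.254", "192.168.100.207", 1)

def to_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def matches(addr, dest, mask):
    """A route applies when addr and dest agree on every bit set in the netmask."""
    m = to_int(mask)
    return to_int(addr) & m == to_int(dest) & m

def lookup(addr, routes=ROUTES):
    """Pick the matching route with the most specific netmask; ties go to the lowest metric."""
    candidates = [r for r in routes if matches(addr, r[0], r[1])]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (to_int(r[1]), -r[4]))

def explain(addr, routes=ROUTES):
    """One-line description of the route an address would take."""
    route = lookup(addr, routes)
    if route is None:
        return f"{addr} -> no route"
    dest, mask, gw, iface, _ = route
    return f"{addr} -> {dest} mask {mask} via {gw} on {iface}"

if __name__ == "__main__":
    for a in ("192.168.100.50", "192.168.100.207", "198.51.100.7", "127.0.0.1"):
        print(explain(a))
    # With the extra route present, the /24 entry wins over the default route.
    print(explain("203.0.113.9", ROUTES + [EXTRA]))
```
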

Persistent Routes

Any modifications that you make to the route table are dynamic. Every time
you restart your computer, it rebuilds every route in the table. Therefore, any
changes that you might make to the table are lost unless you choose to make them
persistent. Persistent routes remain after every reboot unless they are manually
deleted. We'll talk more about that in the next section.